N I L A D I C, Wednesday 6 Ordibehesht 1396, 10:05 PM
Hi
Here I am going to share with you what I got about CEH (Certified Ethical Hacker).
I think and hope that it will be useful for you.


ACTUALLY I AM NOT A GOOD HACKER :-D   DEVIL ONE IS BETTER




info that is on the web site // mabnaDP
phone numbers / job listings / skills required for the jobs / employee info
social engineering
ping // to get the IP
tracert // to trace the route of the packet (tracert on Windows, traceroute on Linux)
use a search engine to find info about the target
use netcraft.com to get info about the target
find the location with Google Earth for physical access
411.com / spokeo / zabasearch / wink
use social networks to find info // facebook (friends) / linkedin (job requests)

whois
robots.txt
sitemap.html
https://www.whois.net/
https://who.is/
http://www.iana.org


google dork:
• cache: Displays the version of a web page that Google contains in its cache instead of displaying the current version. Syntax: cache:<website name>
• link: Lists any web pages that contain links to the page or site specified in the query. Syntax: link:<website name> // pages that link to the website name
• info: Presents information about the listed page. Syntax: info:<website name>
• site: Restricts the search to the location specified. Syntax: <keyword> site:<website name>
• intitle: Returns pages with specified keywords in their title. Syntax: intitle:<keywords>
• inurl: Returns only results with the specific query in the URL. Syntax: inurl:<keywords>

file type for dork search:
• Adobe Portable Document Format (pdf)
• Adobe PostScript (ps)
• Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
• MacWrite (mw)
• Microsoft Excel (xls)
• Microsoft PowerPoint (ppt)
• Microsoft Word (doc)
• Microsoft Works (wks, wps, wdb)
• Microsoft Write (wri)
• Rich Text Format (rtf)
• Shockwave Flash (swf)
• Text (ans, txt)
• And many more
// google dork for win /// johnny for linux (cgi scanner)
// sitedigger (searches a domain for vulnerable addresses using dorks)


– inurl:admin inurl:userlist
• intitle:"Index of" passwords modified
• allinurl:auth_user_file.txt
• "access denied for user" "using password“
• "A syntax error has occurred" filetype:ihtml
• allinurl: admin mdb
• "ORA-00921: unexpected end of SQL command“
• inurl:passlist.txt
• "Index of /backup“
• "Chatologica MetaSearch" "stack tracking:"


google dork for credit cards:
• Number Ranges to find Credit Card Numbers
– Amex Numbers:
300000000000000..399999999999999
– MC Numbers:
5178000000000000..5178999999999999
– visa 4356000000000000..4356999999999999


google dork for pass:
"# -FrontPage-" inurl:service.pwd
"http://*:*@www" domainname
"AutoCreate=TRUE password=*"

google dork for IRC pass:
"sets mode: +k"
eggdrop filetype:user user

google dork for access DB:
allinurl: admin mdb

DC Forum pass:
allinurl:auth_user_file.txt

Mysql pass:
intitle:"Index of" config.php

BACKUP pass:
filetype:bak inurl:"htaccess|passwd|shadow|htusers"

DORK:
admin account info” filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
“# -FrontPage-” ext:pwd inurl:(service | authors | administrators | users) “# -FrontPage-” inurl:service.pwd
“AutoCreate=TRUE password=*”
“http://*:*@www” domainname
“index of/” “ws_ftp.ini” “parent directory”
“liveice configuration file” ext:cfg -site:sourceforge.net
“parent directory” +proftpdpasswd
Duclassified” -site:duware.com “DUware All Rights reserved”
duclassmate” -site:duware.com
Dudirectory” -site:duware.com
dudownload” -site:duware.com
Elite Forum Version *.*”
Link Department”
“sets mode: +k”
“your password is” filetype:log
DUpaypal” -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret “current configuration” -intext:the
etc (index.of)
ext:asa | ext:bak intext:uid intext:pwd -”uid..pwd” database | server | dsn
ext:inc “pwd=” “UID=”
ext:ini eudora.ini
ext:ini Version=4.0.0.4 password
ext:passwd -intext:the -sample -example
ext:txt inurl:unattend.txt
ext:yml database inurl:config
filetype:bak createobject sa
filetype:bak inurl:”htaccess|passwd|shadow|htusers”
filetype:cfg mrtg “target
filetype:cfm “cfapplication name” password
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings “User ID”
filetype:dat “password.dat”
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:”serv-u.ini”
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log “See `ipsec –copyright”
filetype:log inurl:”password.log”
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:”defaultusername” +intext:”defaultpassword”
filetype:reg reg +intext:”WINVNC3”
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql “insert into” (pass|passwd|password)
filetype:sql (“values * MD5″ | “values * password” | “values * encrypt”)
filetype:sql +”IDENTIFIED BY” -cvs
filetype:sql password
filetype:url +inurl:”ftp://” +inurl:”;@”
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:”enable password 7″
intext:”enable secret 5 $”
intext:”EZGuestbook”
intext:”Web Wiz Journal”
intitle:”index of” intext:connect.inc
intitle:”index of” intext:globals.inc
intitle:”Index of” passwords modified
intitle:”Index of” sc_serv.conf sc_serv content
intitle:”phpinfo()” +”mysql.default_password” +”Zend Scripting Language Engine”
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of intext:”secring.skr”|”secring.pgp”|”secring.bak”
intitle:rapidshare intext:login
inurl:”calendarscript/users.txt”
inurl:”editor/list.asp” | inurl:”database_editor.asp” | inurl:”login.asa” “are set”
inurl:”GRC.DAT” intext:”password”
inurl:”Sites.dat”+”PASS=”
inurl:”slapd.conf” intext:”credentials” -manpage -”Manual Page” -man: -sample
inurl:”slapd.conf” intext:”rootpw” -manpage -”Manual Page” -man: -sample
inurl:”wvdial.conf” intext:”password”
inurl:/db/main.mdb
inurl:/wwwboard
inurl:/yabb/Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar.cfg
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial -download
inurl:pap-secrets -cvs
inurl:pass.dat
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:server.cfg rcon password
inurl:ventrilo_srv.ini adminpassword
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial -download
LeapFTP intitle:”index.of./” sites.ini modified
/// can use exploit-db.com for updated dorks
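
The queries above only return results when files like these are left readable under a public web root. As an added example (not part of the original post), this Python script walks a document root you administer and flags file names and extensions drawn from the list so they can be removed or blocked; the name and extension sets are a selection chosen for this example, and the sample directory tree is constructed.

```python
import os
import re
import tempfile

# Names/extensions drawn from this page's queries (a selection, not the full list).
RISKY_NAMES = {
    "service.pwd", "administrators.pwd", "auth_user_file.txt", "passlist.txt",
    "ws_ftp.ini", "wand.dat", "pass.dat", "slapd.conf", "filezilla.xml",
    "unattend.txt", "users.mdb", "wvdial.conf", "chap-secrets", "pap-secrets",
    ".netrc",
}
RISKY_EXTS = {".bak", ".mdb", ".pwd", ".inc", ".sql", ".pem", ".skr", ".pgp",
              ".pwl", ".ldb"}
# htpasswd/passwd/shadow style files, with or without a leading dot or suffix.
RISKY_REGEX = re.compile(r"^\.?(htpasswd|htgroup|htusers|passwd|shadow)(\..*)?$")

def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for files to remove or block."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            if lower in RISKY_NAMES:
                reason = "known credential/config file name"
            elif RISKY_REGEX.match(lower):
                reason = "password or access-control file"
            elif ext in RISKY_EXTS:
                reason = "extension %s is targeted by filetype: searches" % ext
            else:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)

def build_sample_root():
    """Create a constructed sample document root (empty files only)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel in ["index.html", "private/service.pwd", "backup/site.sql",
                "inc/dbconn.inc", ".htpasswd.bak", "img/logo.png"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    for rel, reason in audit_webroot(build_sample_root()):
        print(f"{rel}: {reason}")
```

Point `audit_webroot` at a real document root in place of the sample tree; anything it reports should be moved outside the web root or denied by the server configuration.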



tool:
superscan
nmap